Android privacy tool feeds fake data to prying apps

Not sure what anyone will find snooping around our phones. All we use them for is Facebook and flappy bird clones

Wired

When you install an app on your phone, it often spreads its tentacles into other various parts of the device. Sometimes, it taps into the hardware that identifies your location. Others, it grabs data from your address book.

If you use an Android phone, the OS will tell you -- explicitly -- what the app is trying to access, and it will ask your permission to do so. But you can't provide permission for one data grab and then reject another. It's an all-or-nothing proposition.

Advertisement

If you want the Twitter app but don't want it accessing your text messages, you're out of luck.

That's a problem for those of us who really want to protect our privacy, but still want to be participate in things like social media. And even if you trust everything the app developer is doing today, you never know if a new update may contain malware planted by someone else. That's why Marcel Bokhorst created XPrivacy, an open source tool that lets you closely control the permissions for each of your Android apps.

Read next

After murder and violence, here's how WhatsApp will fight fake news

ByMatt Burgess

In short, the tool can override a particular permission setting by feeding it junk data. For example, it can feed your Linkedin app fake location information, or your Twitter app an empty address book. And you can do this on an app-by-app basis. So, even if you prevent LinkedIn from accessing your location, you can still offer access to your mapping app.

Other Android tools let you do much the same thing, such as PDroid and OpenPDroid, but they're no longer supported by the developers who made them.

Advertisement

The popular Android alternative CyanogenMOD includes a tool called Android Privacy Guard, and the latest version of the official Android OS offers app-by-app privacy settings. But Bokhorst says these tools don't provide the same fine-grained controls as XPrivacy, which can manage 250 different settings. Plus, the official Android privacy settings are hidden from the average user, probably because they're not ready for prime time.

Bokhorst started building XPrivacy last year while he was developing his own custom version of CyanogenMOD that included OpenPDroid. But after getting frustrated because no one was updating OpenPDroid, he decided to create his own privacy tool using an open source Android developer framework called XPosed.

The result was XPrivacy.

Read next

Forget Facebook, mysterious data brokers are facing GDPR trouble

ByAmit Katwala

The project took off quickly. Bokhorst says he has spent over 2,000 hours working on the project so far, and the open source community has contributed not only several ideas for the project, but translations into 37 different languages.​ According to the open-source-project-tracking site Ohloh, over seven years of effort have already gone into the project. "I guess I am an efficient worker," Bokhorst jokes.

The downside of the tool is that you can't use it without arranging "root" access to your phone. This generally means using some third-party software to hack into your phone so that you have control over the core software, and it can void your warranty -- or, worse, screw-up the phone's internal software so badly that's effectively rendered useless. Unfortunately, Bokhorst says, it's not possible to build a version of XPrivacy that doesn't require rooting. The application must integrate deeply with the Android OS.

For the less adventurous, Android's own hidden settings are probably the best way to go.

According to Bokhorst, Google removed XPrivacy from the Android Play Store soon after it was made available. But the store still includes a tool that will at least walk you through the installation of the app. Not being in the Play store makes it harder for Bokhorst to sell the tool, but that doesn't bother him.

Advertisement

He's not building the tool for money. "The goal of the XPrivacy project is to offer a free, decent Android privacy solution for as many as possible people," he says.

That said, he does offer a premium version of XPrivacy that adds tools such as a database of custom privacy restrictions created by the XPrivacy community, and a way of importing and exporting settings across devices. And he does accept donations. "I see donations as concrete positive feedback, but they are in no way a compensation for all the time I have spent on this project," he says. "XPrivacy is more an ideology and a technical challenge."